SrvReport - Automatic Server Reporting System

Introduction

SrvReport is a simple and featurefull server monitoring and reporting
system. It can send every day a mail with the latest state of the
server including:

Network traffic report (including graph per hour)

Network traffic via 'iptables'

Web-server traffic and vhost report

CPU usage report (including dayly graph per quater)

Xfer-logs (ftp)

Analyse of postfix/sendmail mail-log (to, from, size)

Analyse of qpopper checks (username, # of checks, time)

Last authenticated users

Report of server warnings

System informations (mounted volumes / meminfo)

Optional test for rootkits (with chkrootkit)

Optional may other reports (via config-file)

The email report will be in HTML (mime with graphics) and text-only
format. It is primarily designed for admins who has a server on a
remote location and who wants to know what is going on, without always
looking at some log-files.

Global Settings

Example

Modules

Reports are generated via "modules". This are perl modules which implement the
report generation for a specific task. In the actual state,
the following report-modules are already available.

Each module config section starts with the names in square brackets: [name]
This name is also used in the order setting under global settings.
In the following each section must contain at least the following keys:

module: The name of the module (e.g. LogReport, TrafficReport, HttpdReport, ...)

description: This name will be display in the summary and the headlin for the section in the mail

The configuration is very flexible. It contains the following entries:

file

wholefile

pattern

regex

file

This file will be read and used for analyse.
The name of the file can also contain special keywords, which will be repaced during processing:

%%YYYY: Year of report

%%MM: Month (with two decimal) of report

%%mm: Month (with one or two decimal) of report

%%DD: Day (with two decimal) of report

%%dd: Day (with one or two decimal) of report

wholefile

If this is set to 1 then the whole file is processed
against the pattern or regex (if specified).
If this is not set or set to 0, then it is tried to check against the pattern which contains a "%timex" key.
And only the lines which contains the actual date of the report is used.

regex

Examples

Here is a more complete example for an configuration
And here is the given mail-output

HttpdReport

With this you can analyse web-server logfiles (like apache logfiles).
One problem of analysing log files is logrotate.
To overcome this I used an piplog.pl for the apache server.
With this pipelog it is possible to create an logfile for every day without
restarting or reloading the web server. This logfile can now be analysed (if the
day is over) and afterwords deleted.

The apache pipelog.pl is also included in this release (in
the bin directory).
If you want to use this, you just need to change the /etc/httpd/httpd.conf
and add the following entries (if you have vhosts):

Examples

Here is a more complete example for an configuration
And here is the given mail-output

TrafficReport

For reporting the traffic, the /proc/net/dev file is used. It reports
in/out traffic since system boot. All values are read every 15 minutes and are stored in
a separate file in data directory. This file is then read right
after midnight when the report is generated. Afterwords, this file is deleted.

Here is a more complete example for an configuration
And here is the given mail-output

Pattern syntax

Some modules support the "pattern" config entry. A pattern contains one or more keys.
A pattern-key always starts with the percent (%) character followed by some keyword.
Between such pattern-keys there must be always ONE space.
The following keywords are defined: